Using Outbound IP Connections for Remote Access
EXPO 2005, Chicago, IL. PowerPoint presentation transcript.
Using Outbound IP Connections for Remote Access
EXPO 2005
Chicago, IL
Presenter
• Jim Kokal is President/CEO and Co-Founder of Wavetrix, a leading product development company. He has over 18 years of experience in developing, marketing, and selling communication and networking systems. At Wavetrix, he has led the creation of the Traversix Virtual Connectivity Network product to address the needs of customers in the remote access market. Prior to Wavetrix, he was the Director of Marketing at Broadband Gateways, and at Blue Wave Systems (now Motorola) he successfully created and launched the Softband™ software radio product line. He holds an MBA from the University of California at Los Angeles and an MSEE/BSEE from the University of Illinois.
Virtual Connectivity Network
Agenda
• Objective
• Remote Access Applications
• Inbound Connection Oriented Architecture
• Outbound Connection Oriented Architecture
• Outbound Connection Systems
• Summary/Questions
Goals
• Objective:
– Enable remote access regardless of location
• Motivation
– Remote access offers enormous economic and service delivery benefits – better, faster, cheaper
• Issues
– Firewall(s)/Router(s) reconfiguration is very challenging when remote access is needed via the Internet
– Especially true for third party deployments
– Centralized administration of user access and privileges
– Security is of paramount importance
Networking Trends
• Network complexity is growing
– Security requirements are increasing
– System integration is increasing within an organization, to customers, and to suppliers
• Regulatory Issues
– HIPAA, Sarbanes-Oxley, etc., add additional requirements
• LAN
– Old Paradigm: Inherently trusted user
– New Paradigm: Inherently untrusted user
– Treat an internal and external user identically
Remote Access Applications
• Status and Maintenance Checks
• Diagnostics
• Configuration and Administration
• Software Upgrade
• Log File Retrieval
Remote Access Methodologies
• LAN Based
– Usually constrained to one physical site, no outside access
• Inbound Connection via the Internet
– Definition: Client originates a connection to the serial server
– Requires Firewall(s)/Router(s) reconfiguration
– Port Forwarding is the most common implementation
• Outbound Connection via the Internet
– Definition: Serial server originates connection to a known point
– Gateway provides connection point
Inbound Connection Systems
• Client (i.e. PC) originates connection to the serial server
– Telnet or Virtual Serial Port
• Serial Server
– Static IP address
– Authenticates user (username/password)
• Two Configurations
– LAN vs. Internet
– Internet connection requires advance provisioning
LAN Based Access
[Figure: network diagram with labels Serial-Enabled Device, Serial Server, PC with Virtual Serial Port/Telnet, LAN, Firewall, Internet]
• Client (i.e. PC) originates connection to the serial server
– Telnet or Virtual Serial Port
• Serial Server
– Static IP address
– Authenticates user (username/password)
LAN Based Issues
• Security
– Usually not encrypted
– Encryption often based on pre-shared key
– Username/Password
– Located in the serial server
• IP administration
– Static IP address for the serial server
– Within the same subnet, no additional configuration required
– Outside the subnet requires routers/firewalls be reconfigured to establish a connection between the PC and the serial server
Inbound Connection Architecture
• User connects remotely using the Internet to serial server inside the firewall of an organization
– Requires advance provisioning
– Port Forwarding is the most common technology
[Figure: network diagram with labels PC with VSP/Telnet, LAN, Firewall, Internet, Firewall, LAN, Serial Server, Serial-Enabled Device]
Port Forwarding Illustration
• Web servers are the most common example
Port Forwarding Table
WAN TCP Port    LAN IP Address:Port
80              192.168.0.15:80
1255            192.168.0.7:1255
[Figure: a Web Page Request and a Remote Connection Request arrive from the WAN at the Firewall/Router, which forwards ports 80 and 1255 to the LAN; labels: Web Server, Serial Server, Serial-Enabled Device, 192.168.0.15, 192.168.0.7]
Installation Issues
• Provisioning IP address routing is resource intensive
– They must be set up and tested
– Maintained through upgrades/replacements
– At a third party, time and politics drive the process
• Username/password is in serial server
• Must know IP address (and port number) of serial server
– Multiple serial servers within a single facility require each to have their own port number
Administrative Issues
• Serial servers are individually managed
– To reduce complexity, a single username/password is often used for all users
• Serial server configuration information (IP address, port number) must be disseminated
– Users must keep track of this information
– Updates must be sent whenever the information changes
• Complexity grows dramatically as the size of deployment grows
Outbound Connection Motivation
• Outbound connections are generally permitted
– Examples: Requesting a web page, retrieving e-
• Requires no changes to the firewall or router
– Mimics existing network processes
– Traverses the firewall like other processes
• Faster, simpler deployment
• Reduces technician skill level requirements
– Requires minimal “Networking” training
Architectural Changes
• Serial server needs a connection point
– Client isn’t always there and is usually not visible from the Internet
• Solution: Add a connectivity gateway
– Moves the client connection from locally at the serial server, to the gateway on the Internet
– Provides a central point for access control and privilege administration
Outbound Connection Architecture
• The gateway provides a central point for all connections
– Serial server connects to the Gateway
– Client Software connects to the Gateway
– Gateway establishes a connection between them when instructed
[Figure: network diagram with labels PC with VSP/Telnet, LAN, Firewall, Internet, Connectivity Gateway, Firewall, LAN, Serial Server, Serial-Enabled Device]
Outbound Connection Elements
• Serial Server
– Originates and maintains a constant connection to the connectivity gateway
– Serial server can have a DHCP or Static IP address
• Connectivity Gateway
– Specific purpose appliance that resides on the Internet
• Client
– Creates a connection with connectivity gateway
– Connectivity gateway authenticates and then connects the client to the requested serial server
Enhanced Security
• Bi-lateral Authentication
– User
– Individual username/password
– Device
– Can use very strong machine-to-machine techniques
• Data Transfer
– Encryption
– Pre-shared or dynamic key exchange
• Administration
– Privileges/Access controlled individually
Centralized Administration
• Single point to control access to all serial servers
• User privileges are individually defined and controlled
• Enables a serial server to be shared across organizational boundaries
• Inherently disseminates any changes to a serial server's configuration information
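The gateway decisions described on the Outbound Connection Elements, Enhanced Security and Centralized Administration slides, as an added Python example that is not from the presentation or the Traversix product. It assumes HMAC-SHA256 challenge-response for device authentication and PBKDF2 password hashes; all class and function names, device ids and credentials are constructed for illustration.

```python
import hashlib, hmac, os
def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def device_response(key, nonce):
    # Assumed device-side proof: HMAC-SHA256 over the gateway's nonce.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Gateway:  # in-memory model of the broker decisions, no sockets
    def __init__(self, device_keys, users, acl):
        self.device_keys = device_keys  # device id -> pre-shared key
        self.users = users              # username -> (salt, password hash)
        self.acl = acl                  # username -> device ids the user may reach
        self.challenges = {}            # device id -> outstanding nonce
        self.online = set()             # devices with an authenticated session

    def challenge(self, device_id):
        nonce = self.challenges[device_id] = os.urandom(16)  # fresh per attempt
        return nonce

    def register(self, device_id, response):
        nonce = self.challenges.pop(device_id, None)  # single use: no replay
        key = self.device_keys.get(device_id)
        if nonce is None or key is None:
            return False
        ok = hmac.compare_digest(device_response(key, nonce), response)
        if ok:
            self.online.add(device_id)
        return ok

    def connect(self, username, password, device_id):
        # Authenticate the individual user, authorize, then pair.
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return "denied: authentication"
        if device_id not in self.acl.get(username, set()):
            return "denied: not authorized"
        if device_id not in self.online:
            return "denied: device offline"
        return "connected"

def demo():
    # Constructed sample data: two serial servers, two users with separate rights.
    keys = {"pump-1": os.urandom(32), "plc-7": os.urandom(32)}
    salt = os.urandom(16)
    users = {u: (salt, hash_password(p, salt)) for u, p in [("alice", "a-pass"), ("bob", "b-pass")]}
    gw = Gateway(keys, users, {"alice": {"pump-1", "plc-7"}, "bob": {"pump-1"}})
    gw.register("pump-1", device_response(keys["pump-1"], gw.challenge("pump-1")))
    tries = [("alice", "a-pass", "pump-1"), ("bob", "b-pass", "plc-7"), ("bob", "wrong", "pump-1"), ("alice", "a-pass", "plc-7")]
    return [gw.connect(*t) for t in tries]
```

Because every decision is made in `connect`, revoking one user or one device is a single change at the gateway rather than an update on each serial server.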
Gateway Considerations
• High reliability/availability
– Mission criticality
• Subscription or Hosted
– Deployment size
• Internal Operated vs. Host Facility
– Facility capability
– Power, Internet feed redundancy
– Human resource requirements
Summary
• Outbound connections simplify remote access, especially at third party facilities
– Firewall traversal eliminates the need for reconfiguration
– Central administration improves security and control
Thank You
Questions?
Virtual Connectivity Network
www.traversix.com